This is the AdAware Scan:
Ad-Aware SE Build 1.05
Logfile Created on:Monday, March 28, 2005 10:12:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R34 23.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):17 total references
Possible Browser Hijack attempt(TAC index:3):5 total references
Tracking Cookie(TAC index:3):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R34 23.03.2005
Internal build : 41
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 434297 Bytes
Total size : 1367368 Bytes
Signature data size : 1337324 Bytes
Reference data size : 29532 Bytes
Signatures total : 38087
Fingerprints total : 746
Fingerprints size : 27805 Bytes
Target categories : 15
Target families : 644
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:40 %
Total physical memory:523756 kb
Available physical memory:208988 kb
Total page file size:1276932 kb
Available on page file:1006848 kb
Total virtual memory:2097024 kb
Available virtual memory:2040896 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
3-28-2005 10:12:27 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 472
ThreadCreationTime : 3-25-2005 11:14:20 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 540
ThreadCreationTime : 3-25-2005 11:14:32 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 628
ThreadCreationTime : 3-25-2005 11:14:37 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 672
ThreadCreationTime : 3-25-2005 11:14:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 684
ThreadCreationTime : 3-25-2005 11:14:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [aaksrv.exe]
ModuleName : C:\WINDOWS\system32\aaksrv.exe
Command Line : C:\WINDOWS\system32\aaksrv.exe
ProcessID : 832
ThreadCreationTime : 3-25-2005 11:14:39 PM
BasePriority : Normal
FileVersion : 3, 4, 2, 0
ProductVersion : 3, 4, 2, 0
ProductName : Spydex, Inc. Advanced Anti Keylogger
CompanyName : Spydex, Inc.
FileDescription : Advanced Anti Keylogger Service
InternalName : aaksrv.exe
LegalCopyright : Copyright © 2002-2004 Spydex, Inc.
OriginalFilename : aaksrv.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 932
ThreadCreationTime : 3-25-2005 11:14:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 996
ThreadCreationTime : 3-25-2005 11:14:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1084
ThreadCreationTime : 3-25-2005 11:14:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1196
ThreadCreationTime : 3-25-2005 11:14:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1252
ThreadCreationTime : 3-25-2005 11:14:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1388
ThreadCreationTime : 3-25-2005 11:14:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [isafe.exe]
ModuleName : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
Command Line : "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe"
ProcessID : 1692
ThreadCreationTime : 3-25-2005 11:14:53 PM
BasePriority : Normal
FileVersion : Version 10.63.0.1
ProductVersion : Version 10.63.0.1
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe
#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1732
ThreadCreationTime : 3-25-2005 11:14:53 PM
BasePriority : Normal
FileVersion : 6.14.10.5656
ProductVersion : 6.14.10.5656
ProductName : NVIDIA Driver Helper Service, Version 56.56
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.56
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1864
ThreadCreationTime : 3-25-2005 11:14:54 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1932
ThreadCreationTime : 3-25-2005 11:14:57 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:17 [vetmsg.exe]
ModuleName : C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
Command Line : "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe"
ProcessID : 1996
ThreadCreationTime : 3-25-2005 11:14:57 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : vetmsg
CompanyName : Computer Associates International, Inc.
FileDescription : vetmsg
InternalName : vetmsg
LegalCopyright : Copyright © 1989-2003 Computer Associates International, Inc.
OriginalFilename : vetmsg.exe
#:18 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 2008
ThreadCreationTime : 3-25-2005 11:14:57 PM
BasePriority : Normal
FileVersion : 4.5.585.000
ProductVersion : 4.5.585.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:19 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 492
ThreadCreationTime : 3-25-2005 11:15:04 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:20 [hpgs2wnd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
ProcessID : 496
ThreadCreationTime : 3-25-2005 11:15:04 PM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright © 2001
OriginalFilename : hpgs2wnd.exe
#:21 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 504
ThreadCreationTime : 3-25-2005 11:15:04 PM
BasePriority : Normal
FileVersion : 1.1.0.121
ProductVersion : 1.1.0.121
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE
#:22 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 524
ThreadCreationTime : 3-25-2005 11:15:04 PM
BasePriority : High
#:23 [khost.exe]
ModuleName : C:\WINDOWS\kdx\KHost.exe
Command Line : "C:\WINDOWS\kdx\KHost.exe"
ProcessID : 940
ThreadCreationTime : 3-25-2005 11:15:07 PM
BasePriority : Normal
FileVersion : 2.20.40120.0
ProductVersion : 2.20.40120.0
ProductName : Secure Delivery Plug-In
CompanyName : Kontiki Inc.
FileDescription : Secure Delivery Plug-In
InternalName : khost.exe
LegalCopyright : Copyright 2001-03 Kontiki, Inc.
OriginalFilename : khost.exe
Comments : Secure Delivery Plug-In
#:24 [vettray.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Command Line : "C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe"
ProcessID : 1148
ThreadCreationTime : 3-25-2005 11:15:09 PM
BasePriority : Normal
FileVersion : Version 1.0
ProductName : VetTray
CompanyName : Computer Associates International, Inc.
FileDescription : Iconic notifier
InternalName : VetTray
LegalCopyright : Copyright © 1997-2001 Computer Associates International, Inc.
OriginalFilename : VetTray.exe
#:25 [ca.exe]
ModuleName : C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
Command Line : n/a
ProcessID : 1128
ThreadCreationTime : 3-25-2005 11:15:11 PM
BasePriority : Normal
FileVersion : 4.5.585.000
ProductVersion : 4.5.585.000
ProductName : EZ Firewall
CompanyName : Computer Associates
FileDescription : EZ Firewall
InternalName : ca
LegalCopyright : Copyright © 1998-2003, Computer Associates..............
OriginalFilename : ca.exe
#:26 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 1184
ThreadCreationTime : 3-25-2005 11:15:11 PM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
#:27 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 1212
ThreadCreationTime : 3-25-2005 11:15:12 PM
BasePriority : Normal
#:28 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1236
ThreadCreationTime : 3-25-2005 11:15:12 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:29 [weather.exe]
ModuleName : C:\Program Files\AWS\WeatherBug\Weather.exe
Command Line : "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
ProcessID : 1424
ThreadCreationTime : 3-25-2005 11:15:20 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 2
ProductVersion : 4, 1, 0, 2
ProductName : AWS, Inc.WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2002
LegalTrademarks : WeatherBug, WeatherNet, WeatherNet+, InstaCAM
OriginalFilename : WeatherBug.exe
Comments : World Largest Weather Network
#:30 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 1520
ThreadCreationTime : 3-25-2005 11:15:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:31 [robotaskbaricon.exe]
ModuleName : C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Command Line : "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ProcessID : 1528
ThreadCreationTime : 3-25-2005 11:15:21 PM
BasePriority : Normal
#:32 [aak.exe]
ModuleName : C:\Program Files\Advanced Anti Keylogger\aak.exe
Command Line : "C:\Program Files\Advanced Anti Keylogger\aak.exe" /silent
ProcessID : 1568
ThreadCreationTime : 3-25-2005 11:15:21 PM
BasePriority : Normal
FileVersion : 3, 4, 2, 0
ProductVersion : 3, 4, 2, 0
ProductName : Spydex, Inc. Advanced Anti Keylogger
CompanyName : Spydex, Inc.
FileDescription : Advanced Anti Keylogger shell
InternalName : aak.exe
LegalCopyright : Copyright © 2002-2004 Spydex, Inc.
OriginalFilename : aak.exe
#:33 [hpgs2wnf.exe]
ModuleName : c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
Command Line : "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe" -Embedding
ProcessID : 1560
ThreadCreationTime : 3-25-2005 11:15:27 PM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
#:34 [bagent.exe]
ModuleName : C:\Program Files\Quicken\bagent.exe
Command Line : "C:\Program Files\Quicken\bagent.exe"
ProcessID : 2052
ThreadCreationTime : 3-25-2005 11:15:29 PM
BasePriority : Normal
FileVersion : 008.000.000.000
ProductVersion : 008.000.000.000
ProductName : Quicken 2003 for Windows
CompanyName : Intuit Inc.
FileDescription : Quicken Background Agent
InternalName : LBTMNGR.DLL
LegalCopyright : Copyright © 2001 by Intuit
LegalTrademarks : Quicken® is a registered trademark of Intuit Inc.
OriginalFilename : BAGENT.EXE
Comments : StringFileInfo: U.S. English
#:35 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2864
ThreadCreationTime : 3-25-2005 11:16:27 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:36 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3152
ThreadCreationTime : 3-25-2005 11:16:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:37 [tca.exe]
ModuleName : C:\Program Files\The Cleaner\tca.exe
Command Line : "C:\Program Files\The Cleaner\tca.exe"
ProcessID : 3332
ThreadCreationTime : 3-26-2005 3:31:37 AM
BasePriority : Normal
FileVersion : 3.1.0.3073
ProductVersion : 3.1.0.0
ProductName : TCActive
CompanyName : MooSoft Development
FileDescription : The Cleaner Active Process Monitor
InternalName : TCActive!
LegalCopyright : © 2000-2004 MooSoft Development
OriginalFilename : tca.exe
Comments : http://www.moosoft.com
#:38 [tcm.exe]
ModuleName : C:\Program Files\The Cleaner\tcm.exe
Command Line : "C:\Program Files\The Cleaner\tcm.exe"
ProcessID : 3752
ThreadCreationTime : 3-26-2005 3:31:40 AM
BasePriority : Normal
FileVersion : 2.1.0.2043
ProductVersion : 2.1.0.0
ProductName : TC Monitor
CompanyName : MooSoft Development
FileDescription : The Cleaner Registry and File Monitor
InternalName : TCMonitor
LegalCopyright : 2000-2004 MooSoft Development
OriginalFilename : tcm.exe
Comments : http://www.moosoft.com
#:39 [wisptis.exe]
ModuleName : C:\WINDOWS\system32\WISPTIS.EXE
Command Line : "C:\WINDOWS\system32\WISPTIS.EXE" -Embedding
ProcessID : 1688
ThreadCreationTime : 3-27-2005 4:45:03 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020820-1800)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE
#:40 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -restart
ProcessID : 1072
ThreadCreationTime : 3-28-2005 11:15:35 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1916
ThreadCreationTime : 3-29-2005 4:11:57 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantisearch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Possible Browser Hijack attempt : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer\MainSearch Pageisearch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Possible Browser Hijack attempt : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer\MainSearch Barisearch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Possible Browser Hijack attempt : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer\SearchSearchAssistantisearch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Possible Browser Hijack attempt : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet ExplorerSearchURLisearch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-3397475009-3429030821-2442792149-1003\Software\Microsoft\Internet Explorer
Value : SearchURL
Data : "http://www.isearch.c...DQ6NTo5&Terms="
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
MRU List Object Recognized!
Location: : S-1-5-21-3397475009-3429030821-2442792149-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/cgi-bin
Expires : 3-25-2015 12:08:54 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 3-26-2010 9:32:32 AM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bravenet[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 3-23-2015 9:45:46 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 12-31-2037 6:00:00 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-23-2015 11:50:08 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@apmebf[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 3-26-2010 7:37:40 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 3-25-2006 5:17:38 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 29
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 29
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29
10:42:01 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:29:34.79
Objects scanned:265939
Objects identified:12
Objects ignored:0
New critical objects:12